Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
31-07-2024 16:25
General
-
Target
UCenter_Home_1.5RC1_SC_utf8/upload/admin/tpl/album.htm
-
Size
4KB
-
MD5
f520d9c5f952077110348d36612be33a
-
SHA1
ba23a7ca6c28d53eb96cb08eed1fae47dc825516
-
SHA256
3a39c8352bc71c30e68e848a866078254b82e9ae3d6042531b5447d293dd0b52
-
SHA512
67b0eaf103be5c28928db4bf5a31bf379bfcb14340b7aaefd485ff4276d74ba0cb37068ed137e31ce4a20af279072a5fbe9dd64fd2cd90e399c87acf669d0468
-
SSDEEP
96:ErJ4p/XrCr6oQ26v1baDpYegW+sYkGml80lIBlBWLd:fpDCr6oQ269baDWegW+sYkGml80lI9Q
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\UCenter_Home_1.5RC1_SC_utf8\upload\admin\tpl\album.htm1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD57cc7811b25ed964039fe56a956c21d64
SHA1a9b0af2baf573f80b6d1d7f5443fc6fa61105370
SHA25604ef6f32dd9f5037753f25369e14a6a3e856ebd9a17369db4300b771198bbba8
SHA512b5b3c39d9d3db2bb3d631528e4b633ba33270ad7119d92ff5b9a510e6e570d0528d60e39f8689f27abd20ed8067343bf2f3c91c3edfc0b7cc378fc9e6d34a79b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD5b73d212782f69c117bc9209f41956461
SHA124213bc74ad7db1c349d514b40b7a2ab3d9b35b4
SHA256bdd3d2dec0e44b71cd679f12aa5b8d7213275db654469ae0f14a4258eb3cfe36
SHA512971c3c89ae1581dff48d876cecdcae6e8cd68579686616cccdbcb543d60f6c05708bf67a636b376ea5e1ada3890cd24d641fbada1a529e3aea94e648f75ebfdb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD5856a8250ed52463c6f6cf108739204a3
SHA12faef59873b364f5bfabca07f4edf8759e6dbb09
SHA256999bd8633e986f8573f2906b747dcb81491cc4acf8bdc63e12270f387a21a493
SHA5127dd45c62b8bcf3c51efb0d40b81c6c809c64e3133226a64d4fe98aad2733e26d4b0ca6606a7e2cd82fbe2ac40b5c5640c2b7793df8a6b5231d4a079f36b44977
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD52ee21b199b30d19011e14e97cf7c510c
SHA1bbb46cec1a89e5265dad67e277064fc95d04efb5
SHA256bdf4daea7d19c87bd9a4a5f20fdf47ce5d208c8d362cbdc678818722e2860c9c
SHA5129953756457d75c9ccaf771e6e75a11b0bc362fc7d1511ad1d2c91a3c7d4657b5f684e983ea202cb51f5791c96890041a250c8b854bc97a8c7ef53be997473ff5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD55163e9e22fe0f80f5c7d799af5982fc7
SHA1fd11bef041dbaa283d5ab5855d71fe7ddbd8c371
SHA2568fd7c2bec65eca064b1d11e0be05d5cf5d60fc785249da30464dd055358eca89
SHA512d011df692dd86a700defd295227911e549ba238f43994a4e92e81653e55eea15f0b6985500b604721103495349c11739192b023c0dc150176a2938e736091ae0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD576a2669bbfc6af078b4bbf0ff6996327
SHA1e968c891e407163d90b128eabec6f913a18a1e61
SHA25672b1e4d857c6cba970e6251b735e66f11667296b0dccc30f364051b012f4b061
SHA51253f8490dfe993f7e1590ee0cbaeb0e58dc9960fc9932c27fcd6a0464374c3f0f5b1139c779208e855e1d40adea6e5433b004145f5ac95a9df22f604779760383
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD5358df3b1ea776a7e8f401176b912e7a7
SHA142ba78fd8224298e90f6ea25cbc409cf665cfa20
SHA2560a343af96555ce27947fc8bad628c10014eaa0b9ee49aea87f220626c59fd5d5
SHA5122b54ed1704b71eabcafd188a010d36d4a040f5a1d6428da5d70af0a2c5e0ba1ce2211a3ed13b1c7b56025ec163ea6f1db8020abb61d23f9c732e9a60028d952d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
304B
MD51a1adc4c28318994ca5bd8a0e6dc8492
SHA178bae7d63fd6d29800ba79f0fc452d05a05a3ada
SHA25641a0d5cca53b2237bdab332c02a6e2621f7b9a31dc9a0fe971f0bdbe2e06e418
SHA512744f8997b0c0dfca6ae7bd825079d6258ec167efb4a107c6fe6cea04ae9bf7b3c346a6212f9eebe0c613ea552bf0ab4af75dfccb9c5d8d1a28c726feb6ed6b30
-
C:\Users\Admin\AppData\Local\Temp\Cab255.tmpFilesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\Local\Temp\Tar45A.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b